Analysis
max time kernel: 145s
max time network: 165s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 12/10/2022, 16:50
Behavioral task: behavioral1
Sample: 8ea2e52c614ee752f8640c7a84b2df9d1ebd29124890e3fcc8665ea7bfc74478.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 8ea2e52c614ee752f8640c7a84b2df9d1ebd29124890e3fcc8665ea7bfc74478.dll
Resource: win10v2004-20220812-en
General
Target: 8ea2e52c614ee752f8640c7a84b2df9d1ebd29124890e3fcc8665ea7bfc74478.dll
Size: 65KB
MD5: 65e30eb060ad1a925c1cc66d7742ea70
SHA1: b3dfe1856665ad036e311968068e7d118013e81d
SHA256: 8ea2e52c614ee752f8640c7a84b2df9d1ebd29124890e3fcc8665ea7bfc74478
SHA512: ebd84d0e0137be24fbc679c08570c9b4737afd75490e1ef82cb2f7533e87455a8ed93ab4e460076aadd111ae7df8b7d85ec5de37484cd3baa380644e34a82518
SSDEEP: 1536:33lut2L47vQkODCES8wFmasu6pqd5O7+vuQhwo:nluSeQkODCEDWm+urfYx
Malware Config
Signatures

UPX packed file (yara_rule: upx)
resource: behavioral2/memory/2408-133-0x0000000010000000-0x000000001004E000-memory.dmp

Suspicious use of WriteProcessMemory (3 IoCs)
description: PID 4308 wrote to memory of 2408; pid: 4308; Process: rundll32.exe; procid_target: 82
description: PID 4308 wrote to memory of 2408; pid: 4308; Process: rundll32.exe; procid_target: 82
description: PID 4308 wrote to memory of 2408; pid: 4308; Process: rundll32.exe; procid_target: 82
Processes

C:\Windows\system32\rundll32.exe (PID 4308)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ea2e52c614ee752f8640c7a84b2df9d1ebd29124890e3fcc8665ea7bfc74478.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  child process:
    C:\Windows\SysWOW64\rundll32.exe (PID 2408)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ea2e52c614ee752f8640c7a84b2df9d1ebd29124890e3fcc8665ea7bfc74478.dll,#1